Monday, April 29, 2013

We've got a tremendous speaker line-up, including John Caruthers, the head of the FBI's National Security Cyber Program at the San Diego field office. On intelligence matters, we have RADM Andy Singer (USN ret) who, among his many accomplishments, was the Director of Intelligence for PACOM. Lance Cottrell, the founder of Anonymizer, will speak on Operational Anonymity & Misattribution: Why you need it, how they track you, how to do it, how it fails, and best practices.

Vulnerability Disclosure and ‘Cyberwar’: The Cost of Offensive Cyber Weapons by Ryan Ellis

Kenneth Geers: Technical expert for the “Tallinn Manual on the International Law applicable to Cyber Warfare” will speak and take questions on this very important document.

This two-day conference (Saturday, June 15 and Sunday, June 16) will be held at the San Diego Marriott La Jolla hotel and consist of a combination of plenary and break-out sessions. A continental breakfast and lunch will be served on both days. Attendance will be limited to no more than 100 people to allow attendees to interact more closely with our speakers during the event.

Wednesday, April 24, 2013

The Syrian Electronic Army (originally called Syrian Electronic Soldiers) was created in May 2011 by the Syrian Computer Society, which registered the domains syrian-es.com and syrian-es.org with Network Solutions.

The Syrian Computer Society was founded in 1989 by Bassel al-Assad, the son of then Syrian President Hafez al-Assad. Later, his brother Bashar took over the SCS presidency, and Bashar later became the current President of Syria. The SCS is affiliated with the Ministry of Information and the Ministry of Higher Education. Its original goal was to "introduce information technology to all the economic sectors in Syria".

The following domains are all associated with the Syrian Electronic Army and all point to IP address 213.178.227.152, which is hosted at the Syrian Computer Society's ISP (SCS-net) located in Damascus, Syria:

mail.syrian-es.com

mail.syrian-es.net

mail.syrian-es.org

syrian-es.com

syrian-es.net

syrian-es.org

syrianelectronicarmy.com

www.syrian-es.com

www.syrian-es.org

The Syrian government also uses SCS-net hosting for its Ministry of Defense (mod.gov.sy) at IP address: 213.178.225.248. The website presently shows as under construction. This may be significant because there are at least nine ISPs operating in Syria which offer hosting options for the Syrian Electronic Army, yet they continue to use the same service which hosts the Ministry of Defense and other government websites.

The domain name syrianelectronicarmy.com was recently created (Feb 24, 2013) and remains active. They promote themselves via social media accounts on Twitter, Facebook, and YouTube:

https://twitter.com/SEA_Official7

https://www.facebook.com/SEA.205

http://www.youtube.com/user/syrianes1

Other than being the registration agent for the domain name Syrian-es.com, as well as providing hosting services for SEA websites, neither the Syrian Computer Society nor anyone in the Syrian government has claimed an official capacity for the Syrian Electronic Army; however, President Assad referred to them in a speech on June 20, 2011 when he mentioned the "electronic army" while praising Syria's actual Army:

The army consists of the brothers of every Syrian citizen, and the army always stands for honour and dignity. Young people have an important role to play at this stage, because they have proven themselves to be an active power. There is the electronic army which has been a real army in virtual reality.

According to the SEA website, their objective is to fight Arab and Western media who are "fabricating the truth about what is happening in Syria". Their operations have included attacks against social media outlets for:

Syria, like Iran, Israel, Estonia, China, Russia, and other countries, is leveraging the talent, patriotism, and enthusiasm of its Internet-savvy youth to act as a force multiplier in its military and geopolitical operations at almost zero cost and very little risk.

Friday, April 12, 2013

Tim O'Reilly gave a talk recently at Stanford University on the importance for startup companies to "close the loop" with their customers. Uber was used to demonstrate the concept. Both the Uber driver and the Uber customer know a lot about each other. They can track each other's location. The customer knows what the driver looks like as well as his license plate number. They can communicate with each other prior to the vehicle arriving. There's immediate feedback required on the customer's experience with the driver. There's almost no uncertainty in the entire service chain of an Uber hire. Uber has closed the loop with its customers.

As I listened to Tim speak, I immediately related it to the uncertain world of cyber security. Think of Uber as a U.S. corporation or government agency. Think of the Uber customer as the adversary state or non-state actor who's breaking in to steal valuable data. What cyber security tools "close the loop" between the two?

If you adopt an "Assumption of Breach" paradigm, then you've accepted that attackers may already be active in your network. Any tool which provides you with information on their movements in real-time "closes the loop". Then it just becomes a question of weighing cost against effectiveness and spending your dollars wisely on those tools.

Another way to close the loop with an adversary who's targeting your company or agency is to know what they want. This article in The Telegraph describes how MI-5 has issued a warning to British universities that their research on graphene and quantum computing is being stolen by Russia and China and, eventually, informing those countries' patent development work:

Researchers have already warned that work on graphene is moving abroad, with Britain funding extra research by our own academics but seeing their 54 patents outstripped by 2,204 from China. Overall, cyber crime costs the UK £27billion per year, official figures suggest, with universities now identified as targets. Researchers from Manchester, for instance, including academics Andre Geim and Konstantin Novoselov who won the 2010 Nobel Prize, have been warned that their servers could be targets. Graphene is a kind of two-dimensional carbon which is one of the thinnest, lightest, strongest and most conductive materials known to man. Identified only in 2004, it is harder than diamond, just a single molecule thick and conducts electricity. Threats are posed both by hackers infiltrating UK university computers and from the theft of data from computers used by academics travelling abroad.

My company, Taia Global, with financial support from our angel investors, is currently in development on a product which knows what the research priorities are in potential adversary states and can predict what will be stolen from our customers; thereby closing the loop between the victim and the thief and giving the victim time to take the necessary steps to protect those targeted documents. This is particularly useful when a company has millions of files, cannot protect all of them, and doesn't have a reliable way to classify those which are of value to an adversary or competitor.

Our product development cycle is currently in early Alpha. If you'd like to receive more information about this product as we get closer to beta, please contact us.

According to Bloomberg, the following companies may see a piece of Obama's request to increase cyber security spending for the next fiscal year beginning Oct 1, 2013.

"The overall cybersecurity spending proposal of more than $13 billion is about $1 billion more than current levels, according to Ari Isaacman Astles, a spokeswoman for the White House Office of Management and Budget.

"Increased U.S. computer security spending may benefit SAIC Inc. (SAI) and Northrop Grumman Corp. (NOC) in the defense area and Dell Inc. (DELL) and Hewlett-Packard Co. (HPQ) in the federal civilian space, according to data compiled by Bloomberg Government.

"BAE Systems Plc (BAESY) is “actively pursuing a number of growth opportunities” in cyber spending, DeEtte Gray, president of the London-based company’s intelligence and security division, said in an e-mail.

"At Bethesda, Maryland-based Lockheed Martin Corp. (LMT), the largest federal contractor, “our portfolio of products, services, and technologies are well aligned with the government’s priorities” that include cybersecurity, space exploration, health care and energy, Jennifer Allen, a spokeswoman, said in an e-mail.

"A major potential contracting area in the budget is the coordination of fighting online attacks through the Comprehensive National Cybersecurity Initiative Five (CNCI-5), which “seeks to connect cybersecurity centers and other cybersecurity analytics electronically and in real time,” according to the White House.

“You’re starting to see the increase in the budgets to back up where they’ve been trying to take those networks,” Wendy Martin, vice president of advanced cyber solutions for Harris Corp. (HRS) said in an e-mail. “We think it’s all in a positive direction.”

"Booz Allen Hamilton Holding Corp. (BAH), SAIC and Northrop Grumman were the top three contractors in defense cybersecurity, according to data compiled by Bloomberg Government last year. Dell, Hewlett-Packard and Computer Sciences Corp. (CSC) were the top three cybersecurity providers to civilian agencies.

"Ralph W. Shrader, chief executive officer of McLean, Virginia-based Booz Allen, said in a Dec. 5 earnings call that his company had been changing its focus to “today’s most pressing needs” including cybersecurity and health care.

"Lockheed and General Dynamics Corp. (GD), based in Falls Church, Virginia, have expanded into both cybersecurity and health care. Lockheed conducts disability exams for the Department of Veterans Affairs and develops software for the Centers for Disease Control and Prevention. General Dynamics helps provide electronic medical records and information technology for federal health services.

Tuesday, April 2, 2013

Network-centric Warfare has become the de facto standard for many nations, not just the U.S. Unfortunately, thanks to the exponential growth of global networks and the accompanying security vulnerabilities which seem to be infinite in number, the balance of power is no longer what it used to be and the U.S. cannot be assured of superiority in cyberspace.

Therefore, I think it's time that we had an in-depth discussion on exactly how the InfoSec community can play a part in improving U.S. capabilities in Network-centric warfighting and/or U.S. covert actions rather than leaving such discussions solely to the classified world or one dominated by the Defense Industrial Base companies. As a result, I've invited 24 distinguished authorities from the DOD and the infosec world to come to San Diego and spend two days engaging in a discussion that will include the following topics, among others:

"Operational Anonymity & Misattribution: Why you need it, how they track you, how to do it, how it fails, and best practices" - Lance Cottrell

I want to stress that while Suits and Spooks is a conference, it's not like any conference that you've attended before. We actually do have discussions because the speaker to attendee ratio is an unheard-of 1:4 or less. If you don't believe me, check out our testimonials page or ask anyone who's been to our past events.